Advisories » MGASA-2014-0289

Updated dpkg packages fix security vulnerabilities

Publication date: 08 Jul 2014
Modification date: 08 Jul 2014
Type: security
Affected Mageia releases: 3, 4
CVE: CVE-2014-0471, CVE-2014-3864, CVE-2014-3865

Description

Jakub Wilk discovered that dpkg did not correctly parse C-style filename
quoting, allowing for paths to be traversed when unpacking a source package,
leading to the creation of files outside the directory of the source being
unpacked (CVE-2014-0471).

Multiple vulnerabilities were discovered in dpkg that allow file modification
through path traversal when unpacking source packages with specially crafted
patch files (CVE-2014-3864, CVE-2014-3865).
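
An added example, not code from dpkg or from the Mageia packages: a check that decodes C-style quoted filenames in patch headers before testing them for traversal, so that a quoted name cannot hide a `..` component from the test. The function names and the sample patch are constructed for illustration, and rejecting every `..` component is an assumed policy.

```python
import re

SIMPLE = {"a": "\a", "b": "\b", "f": "\f", "n": "\n", "r": "\r",
          "t": "\t", "v": "\v", "\\": "\\", '"': '"'}
ESCAPE = re.compile(r"\\([0-7]{1,3}|.)", re.S)
QUOTED = re.compile(r'"(?:[^"\\]|\\.)*"')
HUNK = re.compile(r"@@ -\d+(?:,(\d+))? \+\d+(?:,(\d+))? @@")

def c_unquote(quoted):
    """Decode a double-quoted C-style filename (octal escapes are bytes)."""
    def repl(m):
        tok = m.group(1)
        if tok[0] in "01234567":
            return chr(int(tok, 8) & 0xFF)
        return SIMPLE[tok]          # KeyError on an unknown escape
    return ESCAPE.sub(repl, quoted[1:-1])

def header_path(line):
    """Filename named by a '---'/'+++' header line, decoded; else None."""
    if not line.startswith(("--- ", "+++ ")):
        return None
    m = QUOTED.match(line[4:])
    return c_unquote(m.group(0)) if m else line[4:].split("\t", 1)[0]

def is_unsafe(path):
    """Reject absolute paths and any '..' component, after decoding."""
    return path != "/dev/null" and (path.startswith("/") or ".." in path.split("/"))

def audit_patch(text):
    """Return [(line_number, decoded_path)] for unsafe header filenames."""
    findings, old, new = [], 0, 0   # old/new: lines left in current hunk
    for n, line in enumerate(text.split("\n"), 1):
        if old > 0 or new > 0:      # inside a hunk body: not a header
            if not line.startswith("\\"):
                old -= line[:1] != "+"
                new -= line[:1] != "-"
            continue
        m = HUNK.match(line)
        if m:
            old, new = int(m.group(1) or 1), int(m.group(2) or 1)
        else:
            path = header_path(line)
            if path is not None and is_unsafe(path):
                findings.append((n, path))
    return findings

# Constructed sample: line 5 is a removed "-- old" line, not a file header.
SAMPLE = ('--- a/src/main.c\t2014-01-01\n+++ b/src/main.c\t2014-01-01\n'
          '@@ -1,2 +1,2 @@\n int x;\n--- old\n+-- new\n--- "a/\\056\\056/outside"\n'
          '+++ "b/\\056\\056/outside"\n@@ -0,0 +1 @@\n+data\n')
```

`audit_patch(SAMPLE)` reports only the two quoted headers; a substring search for `..` on the raw header lines finds nothing, because the dots are written as octal escapes.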
                

References

SRPMS

3/core

4/core